U.S. power plants, utilities face growing cyber vulnerability
This post is also available in: 
עברית (Hebrew)
American power plants and utility companies face a growing cyber vulnerability. No U.S. power plant has so far suffered a significant cyberattack, but experts say preventative actions must be taken to ensure safety.
Utilities provide services which, if disrupted for long periods of time may result in economic chaos and may even lead to social unrest. Consider the 2003 blackout, which left about fifty million people across North America without electricity for about four hours. That outage, caused by a sagging power line coming in contact with overgrown trees, cost $6 billion.
A cyberattack with intentions to create chaos could inflict far greater economic damage, as well as cost lives.
Electric Light&Power reports that a 2011 report from McAfee and the Center for Strategy and International Studies (CSIS) in Washington, D.C., states that small-scale attacks occur often. According to the report, 85 percent of executives in the power, oil and gas, and water sectors experience network infiltrations, and 25 percent reported they had been victims of a network related extortion.
Power and utility firms are implementing solutions to prevent and thwart cyberattacks, but security professionals who design cybersecurity systems face several challenges. Utilities are complex systems depending on a variety of instruments and technologies. No pre-package solution or off-the shelf product can fully secure a utility or solve its cybersecurity needs.
Security professionals must thus implement customized solutions which are unique to each utility’s systems. These solutions must protect established technology platforms yet remain flexible to adapt to new devices and technologies. Utilities must also consider cyberattacks as both external and internal concerns. Security solutions must therefore protect against staff mishandling of technologies, from downloading software to using file-sharing programs which can expose utility operations to malware and viruses.
Regulatory and cost concerns cannot be ignored when developing a cybersecurity system. Utilities and power companies face high cost when investing in cybersecurity solutions, and state regulators have not been willing to approve rate hikes to help utilities cover the cost of these investments. Utilities and power companies must not allow lack of government funding or lack of rate increases to undermine security investments, because the cost of not investing in cybersecurity is far too great.
